Canada looks at possible changes to how it shares data among federal agencies, foreign partners

Hearings in Ottawa are questioning the national and international agreements that allow for the sharing of information in the name of Canada’s national security. 

By: /
December 16, 2016
CSE/CSIS
A sign is pictured outside the Canadian Security Intelligence Service (CSIS) headquarters in Ottawa November 5, 2014. REUTERS/Chris Wattie/File Photo

Canada is reviewing how intelligence agencies — such as the Royal Canadian Mounted Police (RCMP) and Canadian Security Intelligence Service (CSIS) — share information for the purposes of national security.

Seeds for possible amendments to federal legislation are being planted by the House of Commons’ ethics and privacy committee, which is currently reviewing the 2015 Security of Canada Information Sharing Act (SCISA) — the law that governs how information is shared between domestic agencies to thwart security threats.   

The committee plans to hold more hearings in coming weeks and expects to make recommendations in the near future on whether SCISA should be amended to address privacy concerns. The process is part of the Liberal government’s ongoing national security consultation and review of Canada’s 2015 Anti-Terrorism Act, previously known as Bill C-51, of which SCISA is a component. 

The act has been criticized for giving government agencies expanded authority — via the SCISA — to share information about individuals, as well as giving CSIS greater power to act on intelligence information in its efforts to reduce security threats to Canada. 

The SCISA authorizes the federal government to disclose information related to any activity that undermines the security of Canada, allowing for that information to be shared between 17 Canadian federal agencies. 

The 2015 act has thrown “wide open the barn doors on information sharing, but in such a… way that the only certain consequence will be less privacy for Canadians,” said University of Ottawa law professor Craig Forcese during a Nov. 3 meeting.

But while the SCISA exists to regulate how Canada shares information domestically, the review hearings have also raised questions around how Canada shares data with its foreign partners — a process critics say is shrouded in secrecy. 

Specifically, the review is looking at how Canada participates in one of its most important foreign spying arrangements — the decades-old deal between Ottawa and its Five Eyes allies in the U.S., UK, Australia and New Zealand.

“You can’t necessarily control what will happen in response to the information once it’s shared."

The Five Eyes alliance is an international surveillance network that has collected and shared communications data for nearly 70 years. The arrangement remains one of Canada’s most valuable windows into the outside world. But the push for more effective information sharing at home also applies to how Canada shares data with its foreign partners, as some experts call for increased accountability and safeguards to ensure that any information collected from Canadians is protected by Canadian privacy laws and used only in Canada’s own interests. 

Canada already stopped sharing some metadata with the alliance after it was revealed by Communications Security Establishment (CSE) Commissioner Jean-Pierre Plouffe in January that the CSE – Canada’s equivalent of the U.S.’s National Security Agency – was not adequately protecting citizens' information before passing it on to the Americans and other allies.  

The CSE did not “act with due diligence when it failed to ensure that the Canadian identity information was properly minimized prior to sharing,” Plouffe wrote to the Standing Senate Committee on National Security and Defence in February. Minimization is the process by which data that could identify Canadian individuals is made unrecognizable before it is shared. 

The CSE may have unintentionally shared Canadians’ personal information such as email addresses and phone numbers, but not the content of emails or recordings of phone calls. The lapse was attributed to a software glitch.

“No Canadian should need to fear that their private information is being handed to foreign agencies by their own government,” Laura Tribe, OpenMedia’s digital rights specialist, said.

Minister of Defence Harjit Sajjan has said the CSE would not resume sharing the information until he was fully satisfied that effective measures are in place.

The decision to suspend some information-sharing activities comes at a time when some Western countries are looking to reconcile intelligence sharing beyond their borders with the commitment to protect their own citizens’ privacy.  

Sharing information with foreign governments can become tricky if another country decides it is in its own national interest to use information passed on by Canada for its own purposes. The difficulty lies in “reconciling domestic review bodies with an internationalized process that might implicate the interests of foreign states,” said Forcese. 

This concern surfaced in 2013 when Justice Richard Mosley issued a judgment – in a case now known as Re(X) – that CSIS deceived the Federal Court of Canada when it had asked the other Five Eyes partners to help carry out the electronic surveillance of two Canadian citizens, whose identities have not been revealed publicly. 

CSIS wanted to continue tracking the two individuals, whose actions were deemed sufficiently suspicious to secure the domestic warrant, while they were abroad. It had assured the court that surveillance would be carried out and controlled from inside Canada. But by involving foreign spy agencies – which was not part of the original request – the court was afraid there was no guarantee that the collected information would be subject to legal safeguards. 

“You can’t necessarily control what will happen in response to the information once it’s shared,” Sukanya Pillay, executive director of the Canadian Civil Liberties Association, explained to the committee on Nov. 3. 

Former CSE commissioner Robert Decary confirmed in his 2013-2014 annual report that the agency has no way of determining whether the other Five Eyes keep their promise to protect information about Canadians. Beyond “certain general statements or assurances” between the CSE and its partners, he was “unable to assess the extent” to which the other countries “follow the agreements with CSE and protect private communications and information about Canadians in what CSE shares with its partners.”

Kent Roach, a University of Toronto law professor and anti-terrorism law expert, told the committee last month that currently “the act remains silent, on its face, about foreign information sharing.” Recently, the CSE’s current commissioner recommended that the minister of national defence direct the CSE to “set out expectations for the protection of the privacy of Canadians when CSE shares foreign intelligence.”

Pillay agrees with the recommendation. While Canada is a recipient of valuable intelligence from the Five Eyes, she said, “there have to be checks and balances on Canada’s role in the Five Eyes – what it tasks its partners to do, and what it says it’s doing here in Canada versus what’s actually happening with the Five Eyes partners.”

Recently, an executive from Canada’s spy-watchdog agency said information-sharing alliances are important but that Canada may reconsider its practices specifically with the United States, considering President-elect Donald Trump’s stance on torture.

As the Globe and Mail reported, Michael Doucet, the executive director of the Security Intelligence Review Committee, spoke two weeks ago in Toronto. “They may have a new administration that thinks torture is a good thing…It’s going to be an interesting and challenging time, and we’ve got to think about what defines us as Canadians,” he said.